Simple solution.
Turn off all services and justify each open port.
At the network level block all but ports needed from the outside
(e.g. ssh may be needed, but does the outside need to be able to get
to it? or if you have a static ip on dialup you could add a rule
for this to allow you to get to your workstation only, and from there
to the machines).
Security should be there from a host level, not just a network
level.
--
ed is for newbies.
*Real* hackers use magnets and magnifying glasses.